Operator Training¶
Task-oriented runbooks for Bedrock operators — the people who run the Directory and keep identities, devices, servers, and keys in order. Each runbook is a single workflow: prerequisites, numbered steps (dashboard path + the underlying API), how to verify, and recovery/troubleshooting.
Who is an operator¶
An operator is a trusted Directory administrator with the authority to create and revoke
principals, enroll servers, and rotate cryptographic keys. Operators act through the
Directory web dashboard (/admin/...) and are themselves first-class principals,
accountable by name in the audit log.
What you need to know first¶
- Identity is token-based, not certificate-based. See Security model and PKI.
- Three kinds of principal — human, device, server. See Glossary.
- Revocation is one-way and propagates as a signed, sequence-monotonic RevocationList. See Security model.
- Classification — operators set a ceiling on tokens; the server enforces the floor. See Glossary.
- The admin surface is the Directory web dashboard (/admin/...). Production containers have no `node ace`; key rotation, server registration, and service-token issuance all live in the UI. The only `node ace` you'll see in these runbooks (`node ace generate:key`) is a dev/lab step for a local `.env`; production secrets are generated by Terraform.
Start here¶
First time? Read Before you begin first — it tells you which roles you need in the room and the prerequisites to gather, so you don't get four steps in and discover you're missing a hat, a key, or a cloud project.
Then follow the master guide — it puts the runbooks below in the right order: ➡️ Stand up a deployment
Runbooks¶
| Runbook | Use when |
|---|---|
| Set up the certificate chain (PKI) | Standing up a deployment's CA chain for the first time. |
| Stand up the Directory | Deploying the identity authority + first Admin. |
| Add a server | Bringing a new router/server online and registering it. |
| Stand up the web client | Deploying the browser client. |
| Onboard an operator | A new human operator needs Directory access. |
| Onboard a device | Enroll a headless device — drone, sensor, feed, or API. |
| Revoke a principal | An operator or device is compromised or offboarded. |
| Rotate keys | Scheduled rotation or suspected key compromise. |
For customers vs internal use¶
These runbooks are safe to distribute to customer administrators and new hires. They
document operator workflows and the Directory dashboard surface as seen by anyone with
an operator principal. They deliberately omit deployment specifics — internal hostnames,
IP allocations, secrets, and infrastructure mechanics belong with the deployment team
and the infrastructure repo, not here.